Virtual Switching Without a Hypervisor for a More Secure Cloud

Cloud computing leverages virtualization to offer resources on demand to multiple tenants. However, sharing the server and network infrastructure creates new vulnerabilities: one tenant can attack another by compromising the underlying hypervisor. The authors design a system that supports virtualized networking using software switches without a hypervisor. In the authors' architecture, the software switch runs in a Switch Domain (DomS) that is separate from the control VM. Both the guest VMs and DomS run directly on the server hardware, with processing and memory resources allocated in advance.